Skip to content

Commit

Permalink
Fix error handling
Browse files Browse the repository at this point in the history
  • Loading branch information
mpgxvii committed Aug 13, 2024
1 parent 5beee61 commit 0bb1417
Showing 1 changed file with 74 additions and 62 deletions.
136 changes: 74 additions & 62 deletions pkg/errors.tsx
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import {
ErrorAuthenticatorAssuranceLevelNotSatisfied,
FlowError,
ErrorBrowserLocationChangeRequired,
NeedsPrivilegedSessionError,
} from "@ory/client"
import { AxiosError } from "axios"
import { NextRouter } from "next/router"
Expand All @@ -14,70 +15,81 @@ export function handleGetFlowError<S>(
resetFlow: Dispatch<SetStateAction<S | undefined>>,
) {
return async (err: AxiosError) => {
const data = err.response?.data as FlowError
switch (data.id) {
case "session_inactive":
await router.push("/login?return_to=" + window.location.href)
return
case "session_aal2_required":
const e = err.response
?.data as ErrorAuthenticatorAssuranceLevelNotSatisfied
if (e.redirect_browser_to) {
const redirectTo = new URL(e.redirect_browser_to)
if (flowType === "settings") {
redirectTo.searchParams.set("return_to", window.location.href)
let error:
| ErrorBrowserLocationChangeRequired
| ErrorAuthenticatorAssuranceLevelNotSatisfied
| NeedsPrivilegedSessionError
const errorId = (err.response?.data as { error?: { id?: string } })?.error
?.id
if (err.response && err.response.data) {
switch (errorId) {
case "session_inactive":
await router.push("/login?return_to=" + window.location.href)
return
case "session_aal2_required":
error = err.response
.data as ErrorAuthenticatorAssuranceLevelNotSatisfied
if (error.redirect_browser_to) {
const redirectTo = new URL(error.redirect_browser_to)
if (flowType === "settings") {
redirectTo.searchParams.set("return_to", window.location.href)
}
// 2FA is enabled and enforced, but user did not perform 2fa yet!
window.location.href = redirectTo.toString()
return
}
// 2FA is enabled and enforced, but user did not perform 2fa yet!
window.location.href = redirectTo.toString()
await router.push("/login?aal=aal2&return_to=" + window.location.href)
return
}
await router.push("/login?aal=aal2&return_to=" + window.location.href)
return
case "session_already_available":
// User is already signed in, let's redirect them home!
await router.push("/")
return
case "session_refresh_required":
// We need to re-authenticate to perform this action
await router.push("/")
return
case "self_service_flow_return_to_forbidden":
// The flow expired, let's request a new one.
toast.error("The return_to address is not allowed.")
resetFlow(undefined)
await router.push("/" + flowType)
return
case "self_service_flow_expired":
// The flow expired, let's request a new one.
toast.error("Your interaction expired, please fill out the form again.")
resetFlow(undefined)
await router.push("/" + flowType)
return
case "security_csrf_violation":
// A CSRF violation occurred. Best to just refresh the flow!
toast.error(
"A security violation was detected, please fill out the form again.",
)
resetFlow(undefined)
await router.push("/" + flowType)
return
case "security_identity_mismatch":
// The requested item was intended for someone else. Let's request a new flow...
resetFlow(undefined)
await router.push("/" + flowType)
return
case "browser_location_change_required":
// Ory Kratos asked us to point the user to this URL.
await router.push("/")
return
}
case "session_already_available":
// User is already signed in, let's redirect them home!
await router.push("/")
return
case "session_refresh_required":
error = err.response.data as NeedsPrivilegedSessionError
// We need to re-authenticate to perform this action
window.location.href = error.redirect_browser_to || "/"
return
case "self_service_flow_return_to_forbidden":
// The flow expired, let's request a new one.
toast.error("The return_to address is not allowed.")
resetFlow(undefined)
await router.push("/" + flowType)
return
case "self_service_flow_expired":
// The flow expired, let's request a new one.
toast.error(
"Your interaction expired, please fill out the form again.",
)
resetFlow(undefined)
await router.push("/" + flowType)
return
case "security_csrf_violation":
// A CSRF violation occurred. Best to just refresh the flow!
toast.error(
"A security violation was detected, please fill out the form again.",
)
resetFlow(undefined)
await router.push("/" + flowType)
return
case "security_identity_mismatch":
// The requested item was intended for someone else. Let's request a new flow...
resetFlow(undefined)
await router.push("/" + flowType)
return
case "browser_location_change_required":
error = err.response.data as ErrorBrowserLocationChangeRequired
// Ory Kratos asked us to point the user to this URL.
window.location.href = error.redirect_browser_to || "/"
return
}

switch (err.response?.status) {
case 410:
// The flow expired, let's request a new one.
resetFlow(undefined)
await router.push("/" + flowType)
return
switch (err.response?.status) {
case 410:
// The flow expired, let's request a new one.
resetFlow(undefined)
await router.push("/" + flowType)
return
}
}

// We are not able to handle the error? Return it.
Expand Down

0 comments on commit 0bb1417

Please sign in to comment.